Who Owns Your Personal Data?

Kris Sangani

Attracting users to social networking sites and cloud computing sites is all about building trust. However, if recent news is anything to go by, consumers would be right to consider that the trust they have put into the internet companies that run these services has been betrayed. In recent months, it seems that not a day has gone by without another revelation that the private and personal data, the currency of these websites, has been compromised, misused or surreptitiously collected without the owner of the data's permission.
Between 2006 and the beginning of 2010, search engine giant Google started a project to map and digitally photograph every road in every major city in more than 30 countries for its product Google Streetview. This soon became a hate symbol among privacy and civil rights advocates, who claimed that Google were pushing the envelope on what type of information you could collect and publish on the Internet. But images, it appears, is not all that the Streetview cars .collected. It now turns out that Google collected over 600 gigabytes of data from users of public and unprotected Wi-Fi access routers ;... which included Web pages visited and emails.

---

---

All this only came to light when German data privacy regulators investigated Google's Streetview project - and Google had to admit to collecting the data - although the company claimed they were not aware of their own data collection activities until the request was received and that none of this data was used in Google's search engine or other services. Google has said it will not destroy the data until permitted by regulators.
Even consumer tech companies such as Apple cannot escape criticism from the eagle-eyed German regulators. Apple must immediately 'make clear' what data it collects from users of its products and for what purposes, Germany's justice minister was quoted as saying by Der Spiegel magazine. 'Users of iPhones and other GPS devices must be aware of what kind of information is being collected,' Sabine Leutheusser-Schnarrenberger told the German weekly. The minister's criticism was aimed at changes Apple has made in its privacy policy whereby the company can collect data on the geographic location of its users - albeit anonymously. Leutheusser-Schnarrenberger said she expected Apple to 'open its databases to German data protection authorities' and clarify what data it was collecting and how long it was saving the data. T he justice minister said it would be 'unthinkable' for Apple to create personality- or user-based profiles. 'Apple has the obligation to properly implement the transparency so often promised by [CEO] Steve Jobs,' she said.

---

---

Microblogging service Twitter recently agreed to a settlement with the US Federal Trade Commission over charges it put its customers' privacy at risk by failing to safeguard their personal information. This agreement stems from a series of attacks last year on Twitter, the service that lets people send short messages to groups of followers. Lapses in Twitter's security allowed hackers to send out fake tweets pretending to be from US President Barack Obama and Fox News. Hackers also managed to take administrative control of Twitter and gain access to private tweets, or messages. Between January and May 2009, hackers were 'able to view non-public user information, gain access to direct messages and protected tweets, and reset any user's password' and send tweets from any user account, according to the original FTC complaint. Twitter acknowledged 45 accounts were accessed by hackers in January last year and 10 in April 2009 'for short periods of time' . Twitter claims the January attack resulted in 'unauthorised joke tweets' from nine accounts. But the company also admitted that the hackers may also have accessed data such as email addresses and phone numbers. In April, when another incident occurred, Twitter claims to have cut off the hacker's administrative access within 18 minutes of the attack and quickly informed affected users. Under the terms of the settlement, Twitter will be barred for 20 years from 'misleading consumers about the extent to which it maintains and protects the security; privacy, and confidentiality of non-public consumer information'. Twitter must also establish a comprehensive security program that 'will be assessed by a third party every year for ten years', according to the FTC.

---

---

But most criticism surrounding data privacy is currently reserved for Facebook, which has faced the wrath of a consumer backlash when millions of users suddenly found their private details exposed and searchable on Google, Bing and Yahoo. Facebook, whose privacy policies have come under attack both at home and abroad, now faces a stiff fine from Germany's Hamburg Commissioner for Data Protection and Freedom of Information for storing non-users' personal data without their permission. The issue came to the fore in recent months amid criticisms that Facebook's confusing privacy settings were making it possible for Internet stalkers, cyber criminals and even nosy neighbours to gain a wealth of information about its users without their knowledge or permission. Facebook has now started to roll out changes that would give users more powerful tools to prevent personal information being accessed by others. For instance, Facebook will allow users to block all third parties from accessing their information without their explicit permission. It will also make less information available in its user directory and reduce the number of settings required to make all information private from nearly 50 to less than 15.
The back tracking by internet companies on how they use our private data has demonstrated that they cannot take our trust for granted. If social networking becomes increasingly important to companies such as Google, Apple and Microsoft, they will have to be careful not to violate their users' trust in the future.